Let's start out with the good points: there are advantages to a Microsoft Domain Controller model. Centralized user control, fine-grained resource access control: these are often useful and very helpful.
But not every business needs this, and there are disadvantages also. Centralized logon also means no logon if that server acts up. Resource access permissions can be much more than is needed for a small business, and can be confusing to maintain.
Unfortunately, businesses often get pushed into this model when they buy new software. The people installing the software are often fairly clueless about networking in general but what they do know is that setting up a Domain Controller makes their work easier. Note that's "their" work, not necessarily yours.
For example, you may have a mixed environment, and in spite of the shiny new Windows software, you still need some Unix apps. By the way, don't be too quick to pat yourself on the shoulder for replacing that clunking old Unix software. My bet is that in five to ten years you'll be moving back to a Unix or Linux based app: unless Microsoft finds some legal shenanigan to kill Linux, I think that's almost inevitable.
But never mind, here come the barely computer-literate Windows "consultants" to install your new system. They'll be recommending a Domain Controller model. Push back: ask why their software can't run on a server in a peer-to-peer network. Almost always the answer is that it can. And doing that just might make your migration less painful. For example, a lot of small businesses have XP Home computers. Microsoft doesn't like those to join a Domain. There are ways around it (just do a Google search for "XP Home join domain") but it's still extra work and hassle.
While I'm thinking about it, do NOT let them confuse you or themselves about the "Domain". This has nothing to do with Internet DNS or your mail domain (and for crying out loud: don't let them talk you into Microsoft Exchange or IIS!). Microsoft (as usual) didn't have a clue about the Internet when they designed this stuff, so they took a meaningful name (domain) and polluted it with their nonsense. A Microsoft Domain Controller might be a DNS server, might be a mail or web server (shudder!) but that has absolutely NOTHING to do with the name you (or they) choose for the domain.
Just don't get pushed faster than you want to go. If you don't understand what they are trying to sell you, hire someone else to intercede and protect your interests. A Domain Controller can be the right choice, but it ain't necessarily so.
Sat Jul 7 01:04:27 2007: BigDumbDinosaur
Centralized logon also means no logon if that server acts up.
Sounds like a good reason to run Samba. It very seldom "acts up." My office file and print server hasn't acted up in some seven years -- and it isn't running Windows whatever. <Smile>
Resource access permissions can be much more than is needed for a small business, and can be confusing to maintain.
That would be somewhat dependent on the type of business. In an auto repair shop, I agree that such control is probably overkill, although you wouldn't want mechanics peeking into the payroll or general ledger, eh? In a medical clinic or bank, detailed control of access permissions is often required to comply with legal mandates such as HIPAA, with which all health care providers must comply in the USA. As for being confusing, that's more a Windows problem than anything else. At least on the Samba side of things, access control is straightforward and consistent in behavior.
Setting up a PDC does have the advantage of users having roaming profiles, which result in a consistent desktop environment on any machine that is part of the domain. In this respect, Samba is a bit more complex to set up. However, once the roaming profile setup has been debugged it is very trustworthy.
Unfortunately, businesses often get pushed into this model when they buy new software. The people installing the software are often fairly clueless about networking in general but what they do know is that setting up a Domain Controller makes their work easier. Note that's "their" work, not necessarily yours.
Ain't that the truth? I have to deal with these clueless MCSEs on a regular basis and most of them don't know their asses from a hole in the ground when it comes to networking.
My bet is that in five to ten years you'll be moving back to a Unix or Linux based app: unless Microsoft finds some legal shenanigan to kill Linux, I think that's almost inevitable.
At this point in time, I can't see Billy-boy and his lackeys killing Linux. It has become too entrenched in the computing world and even Microsoft can't marshal the resources that would be required to mount a successful battle to stop Linux. Linux achieved critical mass several years ago and is now like a freight train headed downhill with no brakes. Killing Linux would be like trying to stop citizens from speeding on the interstate: too many speeders and not enough cops.
For example, a lot of small businesses have XP Home computers. Microsoft doesn't like those to join a Domain.
XP home is way too lame to be used in a business setting. Why bother?
Just don't get pushed faster than you want to go. If you don't understand what they are trying to sell you, hire someone else to intercede and protect your interests.
True of almost anything to do with computers. They aren't like toasters!
Fri Jul 13 03:42:17 2007: drag
I don't really think you can set up a Windows workgroup anymore without setting up a domain.
I think I remember hearing the Samba developers talking about a bug with authentication where Windows 2003 and XP could not share files or whatnot without a domain controller. They accidentally recreated it when they added compatibility code for Windows-based handheld devices.
I think that it's not going to be long before you won't be able to even administrate Windows machines without a domain controller.
Fri Jun 5 03:57:46 2009: anonymous
worst blog ever written.
if unix/linux/mac was so great, why does it not live on 90%+ of the world's computers....
free means free. you certainly get what you pay for in the OS business.
Fri Jun 5 17:16:06 2009: TonyLawrence
Worst? Ever?
if unix/linux/mac was so great, why does it not live on 90%+ of the world's computers....
Let me ask you something: why are most people's supermarket shopping carts piled high with soft drinks?
The answer is the same as for your question. As soon as you figure that out, you'll understand why most people use Windows.
Sat Jun 6 11:20:57 2009: TonyLawrence
I guess I'll have to answer that for you.
Although the evidence that Coke, Pepsi, and their ilk are unhealthy is strong, the effects of drinking these aren't blatantly obvious. Moreover, more healthy alternatives are usually more expensive and are less conveniently packaged.
Coke and Pepsi are extensively advertised as general purpose drinks. Drinks like orange juice are seen as specialty items - orange juice is for breakfast only in most people's minds.
Most of your neighbors drink Pepsi or Coke. Supermarket aisles display yards and yards of these products and restaurants always have them available. Fast food restaurants often bundle these with other products to make it easy to place and order - "I'll have a number 6".
Do I really need to draw the parallels to Microsoft Windows?
Sat Jun 6 16:56:14 2009: anonymous
This sums up Microsoft's game: http://www.groklaw.net/article.php?story=20071023002351958
Also shows why successful from cheating.
Tue Oct 27 12:40:44 2009: staffsguy50
http://www.FreeHomeSoftware.com
Wow, that is probably the most important piece of information I have ever read in my life! I know Microsoft were bullish and aggressive from their attitude towards PC dealers who wanted to sell Linux based system in the UK. I for one have weighed up the cost benefits alone between setting up an office with 20 desktops, a domain controller, mail server between Windows and Linux and paying for server version of Linux, once you get away from branding issues and start using free alternatives such as Firefox and The Gimp, and Open Office the argument for Microsoft is very weak to say the least. What we need are for Universities and Schools to start adopting alternatives to MS technology and teaching people that it is NOT and NEVER HAS BEEN a one horse race! See I didn't slag them M$ once!
Wed Jan 13 05:02:41 2010: henrylow
Small Business owners are largely forgotten. That's why I only focus on them. I have experienced several members of my family file bankruptcy due to small business failures. I also suffered through 2 destroyed businesses due to failure; however, in my failings I have learned some of the secrets to success. (Who can say they know it all?)
What I like about small business owners is that they are not afraid to take huge risks and lay it all on the line. But, I agree they do need a lot of help with their marketing. I think having them go the social media and email route is not only the least expensive but it's also the most effective. Thanks for the stats!
Thu Feb 18 14:42:37 2010: FS
I have used both Microsoft and Linux for the past couple years now. My biggest complaint about Linux is the software built on top of the kernel! Don't get me wrong, Linux as an OS is a damn solid machine! KDE and Gnome Desktop and the rest are not at the same level of dependability as the Linux kernel. There is no comparison here, KDE and Gnome will crash and dump errors to terminal and Windows XP does not. Konqueror and even Firefox will often crash on Linux, rarely have I seen it crash on XP/Vista/7. There is also no comparison between Microsoft Office and Open Office, Microsoft Office is a much better, polished product.
What the open source community does not seem to understand is that people (general users, not techs) don't want to spend three weeks configuring, debugging and vi editing their machines! They want something that is consistent between releases, service packs and such. There is as much in-fighting in the open source community as anywhere else. What might be in /etc/rc.d/example might be in /etc/example/example2 in another distro. Little concern for uniform standards between releases and distros.
If the open source community could quit their squabbles, they would attract more users, more corporations would take them seriously and in turn write more drivers and in turn attract even more users. More developers would be attracted. Linux could take Microsoft, if it really wants to but it has to sort things out first!
Thu Apr 8 17:47:12 2010: Sledge
I am wondering if Mac mini running Snow Leopard server might be the right solution for a customer that potentially could use a domain controller and the *features* of a Small Business Server. It seems to offer some of the benefits of centralization without complicating the environment to the point of disruption.
Have you ever deployed Mac OS X server for a customer that did need a domain controller?
Thu Apr 8 17:55:58 2010: TonyLawrence
I have not, but yes, that's not a bad idea.
Mon Jul 19 13:32:33 2010: Jack
So, I'm thinking about setting up a domain on my home network and happened upon your blog.
You Linux/Unix guys are so funny.
I loved the "soda" analogy.
What you're basically inferring is that MS is on 95% of the world's computers because we're all idiots and don't know any better? You may have another brand of "drink", but let's face it... it tastes like crap and if you get sick from it, you're screwed. There's not a doctor within miles of your house who can prescribe a "cure". And good luck figuring out what to do on your own!
I had a Unix server, in my company for 7+ years and it never crashed, true. But, that's also because it never did anything. We set the box up and never touched it. I'm no idiot when it comes to computers/OSs/networking and I *wouldn't* touch the thing. IF we needed to do anything, we had to fork over thousands to our "guy" who would talk us thru what needed to be done or fly him out from TN.
Unix/Linux is NOT user friendly. Maybe if you've got the time to learn all the ins and outs, but it's a totally different nomenclature. Inferring that you can just "switch" to Linux from MS is an absolute falsehood. I know, I've tried Linux over the years and I just can't do it. There's nothing "user friendly" about it.
There's NO software, either. Your best bet is if you've happened to purchase a program which can be run under an "emulation" of some kind. Compare MS Office to Open Office. There's no comparison folks. But, it's not just the "office" products... run your favorite MMO game on Linux. Heck, just change out a DVD burner or a NIC on your box with Linux. You got a day to invest?
Try downloading an update from your bank in a product that runs on Linux... How's that work?
I think it's the arrogance of the Linux folks that turns off the rest of us... It's like a "parent-child" relationship. You guys know what's "better" for the rest of us and it's a "look down" to even discuss MS.
Your "blog" was about setting up a DC and yet really all it is is a hatchet job on MS and IT guys.
I'm no fan of MS. But you won't find hundreds of sites, knocking Linux and extolling XP.
Mon Jul 19 15:32:53 2010: TonyLawrence
No.
Some of the comments may have disparaged Windows, but the post was about unqualified Windows consultants.
As for the rest of your blather, go ahead: keep drinking the junk. We don't really care.
Fri Jul 23 12:41:11 2010: Bill
Jack claims that Linux isn't user friendly . . . I bet my five year old who uses Linux would disagree.
Thu Aug 12 01:25:39 2010: Zachary
Exchange is actually a pretty amazing product. I prefer google apps personally, but for companies uncomfortable with hosting their data in the cloud, it's really quite a good application. Great calendaring, email, and data-sharing features.
Thu Aug 12 01:33:40 2010: TonyLawrence
Exchange is complex and fragile. I sell Kerio
http://aplawrence.com/Kerio/
Fri Aug 13 14:32:25 2010: BigDumbDinosaur
http://bcstechnology.net
Exchange is actually a pretty amazing product. I prefer google apps personally, but for companies uncomfortable with hosting their data in the cloud, it's really quite a good application. Great calendaring, email, and data-sharing features.
As Tony alluded, Exchange is a glass house in a neighborhood where stones are constantly flying. Also, the homogeneous nature of the Exchange/Outlook model creates an ideal medium for viruses, etc., to thrive. If a company wants to host their own E-mail, Sendmail or Postfix running on Linux is much more reliable. Or, the Kerio product, which is very stable, can be used. Exchange is an overblown piece of trash by comparison.
As for "hosting their data in the cloud," any company that does that is foolish, in my opinion. What do you do when your "cloud" suddenly dissipates due to an Internet outage not under your control? This is like using VoIP in a business: too many points of failure to be trustworthy.
Fri Aug 13 14:54:36 2010: Zachary
"Exchange is a glass house in a neighborhood where stones are constantly flying."
All I see there is some non-technical FUD.
"Also, the homogeneous nature of the Exchange/Outlook model creates an ideal medium for viruses, etc., to thrive"
Some merit to this claim, but what you're saying will be true of any mail server or client that becomes very popular. Additionally, any competent Exchange admin will be running something like Symantec Mail Security on the server side, and ESET or Symantec Endpoint on the client side. These solutions are HIGHLY effective at preventing what you describe.
"If a company wants to host their own E-mail, Sendmail or Postfix running on Linux is much more reliable. Or, the Kerio product, which is very stable, can be used. Exchange is an overblown piece of trash by comparison."
Says you. We have Exchange installs that have been running for 10 years with no major issues. All it requires is administering them properly. Additionally, Sendmail and Postfix don't provide the type of (shared) calendaring, contacts, tasks, etc, that Exchange provides, which have now become essential to many businesses. Additionally, they do not provide ActiveSync-style functionality. At best, they provide push email via IMAP IDLE. However, a small company with just a few users should certainly consider alternatives to Exchange. Simply asserting that Exchange is an "overblown piece of trash" is absurd. Enormous corporations run on top of Exchange, and do so quite effectively.
Regarding the VoIP and Cloud hosting comments . . . I'm not going to even bother dealing with those. I don't even know of a single client we have that *doesn't* have VoIP. We don't, however, do cloud hosting, for (perceived) security reasons. I wouldn't recommend hosted Exchange personally, but I know several companies that do Google Apps with an SLA, and they've had nothing but great things to say about it.
Fri Aug 13 15:03:21 2010: TonyLawrence
You are misinformed about the ability of Exchange alternatives to do things like Active Sync. Moreover, Exchange and Outlook do have serious structural issues.
You are just a Microsoft person who knows nothing else. Your opinion has no value here.
Fri Aug 13 15:05:12 2010: anonymous
Actually, I was a Solaris/Linux admin for years. Way to talk down to people instead of having an actual conversation.
We still use Linux for some things, and we use MS/Windows for others. Different products have their places.
Fri Aug 13 15:10:09 2010: TonyLawrence
I talk down to you because you demonstrate ignorance. It is as simple as that.
Fri Aug 13 15:10:33 2010: Zachary
I could also say something like "You are just a Linux person who knows nothing else. Your opinion has no value to me".
But that's not relevant to the conversation. What's relevant are the ACTUAL merits of Linux/Unix/Microsoft Products. Why don't we discuss those, instead of insulting each other.
Fri Aug 13 15:15:58 2010: TonyLawrence
No, you can't say that, because I did Microsoft Certs as well, with Exchange as an elective. I am NOT a one trick pony and have worked on more disparate mail servers than you probably have ever heard of.
Give it up. Your opinion has no value here.
Tue Aug 17 18:53:50 2010: BigDumDinosaur
"Exchange is a glass house in a neighborhood where stones are constantly flying."
All I see there is some non-technical FUD.
FUD?
"Also, the homogeneous nature of the Exchange/Outlook model creates an ideal medium for viruses, etc., to thrive"
Some merit to this claim, but what you're saying will be true of any mail server or client that becomes very popular.
BS! Sendmail or Postfix on Linux are very popular and have demonstrated remarkable resistance to malware of any kind. Any client will work with this arrangement (including Outlook for the clueless), without fear of a virus taking over and trashing the system. I've run UNIX and Linux-based mail servers for some 15 years and have never had any problem whatsoever. My few clients who have run Exchange and Outlook in the past were forever tinkering with that mess trying to keep it from doing something stupid.
Additionally, any competent Exchange admin will be running something like Symantec Mail Security on the server side, and ESET or Symantec Endpoint on the client side. These solutions are HIGHLY effective at preventing what you describe.
I see. Microsoft sells a defective product, so the "competent Exchange admin" (is there such a thing?) has to purchase third party software to compensate for the defects in Exchange and Outlook. Sure makes a lot of business sense to me. Spend a lot of money for inferior mail server software and an equally inferior client, and then spend more money to make up for the inferior software, which, incidentally, costs a lot of money (Sendmail or Postfix cost nothing, as does Linux if you forgo third party support -- any competent Linux admin won't need it). If I were to suggest such an arrangement to most of my clients who run their businesses on UNIX and Linux servers they'd probably politely suggest I get help -- the psychiatric kind.
"If a company wants to host their own E-mail, Sendmail or Postfix running on Linux is much more reliable. Or, the Kerio product, which is very stable, can be used. Exchange is an overblown piece of trash by comparison."
Says you. We have exchange installs that have been running for 10 years with no major issues. All it requires is administering them properly.
Yeah, where administration means installing the patch du jour to fix yet another security issue that somehow snuck past the Symantec Mail Security on the server side, and ESET or Symantec Endpoint on the client side.
Additionally, sendmail and postfix don't provide the type of (shared) calendaring, contacts, tasks, etc, that Exchange provides, which have now become essential to many businesses.
You make me laugh with your ignorance. How does transporting mail suddenly turn into managing calendars, contacts and tasks? How about if the MAIL server does one job very well, that of transporting mail, and other software handle a calendar (if wanted), maintain a contact database (if wanted) and tell you when to perform a task (if wanted)? How typical of Microsoft to turn a basic Internet service (SMTP) into a bunch of unrelated drivel. Essential? Only if one thinks it's essential.
Additionally, they do not provide ActiveSync-style functionality.
Oh yes, a verrrryyyy important "feature," one that can also "ActiveSync" viruses so as to make sure all clients are equally infected.
However, a small company with just a few users should certainly consider alternatives to exchange.
All companies should consider anything but Exchange, the world's most overpriced, complicated and insecure mail server that also includes semi-useless features such as calendaring/contact database (built on Access, another fine piece of MS software "engineering")/task management/etc. With one exception, none of my many business clients would get within 10 feet of anything as virus-prone and rickety as Exchange. Also, all of them (except the Exchange user) run Thunderbird or Seamonkey for mail access, and don't worry about a virus showing up because of something like ActiveSync. If they need a calendar service, task management (only a complete schlub would have to have a computer tell them when to do something) or contact management, it can be readily added, using Open Source Software that wasn't designed by a greedy monopolist who doesn't understand security.
Simply asserting that exchange is an "overblown piece of trash" is absurd. Enormous corporations run on top of exchange, and do so quite effectively.
Right, as their sysadmins run around installing the latest versions of Symantec Mail Security on the server side, and ESET or Symantec Endpoint on the client side.
Regarding the VoIP and Cloud hosting comments . . . I'm not going to even bother dealing with those. I don't even know of a single client we have that *doesn't* have VOiP.
I have two clients who use VoIP and both tend to get annoyed with the drop-outs and outright service failures that are characteristic of anything routed through the Internet. The smart clients stick to POTS, which in the USA and Canada is exceptionally reliable. If your phones aren't working due to a VoIP failure your customers can't reach you to order products and services, but they will be able to call your competitor whose phone service is via POTS and stays alive under almost all conditions, even local power failure.